package com.yociyy.security.authorize;

import java.util.List;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.stereotype.Component;

import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;

/**
 * 默认授权配置管理器
 * 
 * @author: YoCiyy
 * @date: 2020/7/1
 */
@Component
@AllArgsConstructor
@Slf4j
public class YoCiAuthorizeConfigManager implements AuthorizeConfigManager {

	private final List<AuthorizeConfigProvider> authorizeConfigProviders;

	@Override
	public void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {

		// XXX 待重构，逻辑暂写死
		// 遍历授权提供器的方法，检查是否有重复的anyRequest配置
		for (AuthorizeConfigProvider authorizeConfigProvider : authorizeConfigProviders) {

			boolean currentExistAnyRequestConfig = authorizeConfigProvider.config(config);

			// 存在重复的anyRequest,抛出异常
			if (!currentExistAnyRequestConfig) {
				throw new RuntimeException("Duplicate any request configuration: " + authorizeConfigProvider.getClass().getSimpleName());
			}
		}

		config.anyRequest().authenticated();
	}
}
